Skip to main content
CVE-2020-22452 CRITICAL POC PATCH Act Now

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Phpmyadmin
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-24166 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0321 CRITICAL POC Act Now

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cr6 Firmware Cr300 Firmware Cr800 Firmware Cr1000 Firmware +1
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-24456 CRITICAL PATCH Act Now

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Keycloak Authentication
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24444 CRITICAL Act Now

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24443 CRITICAL PATCH Act Now

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Testcomplete Support
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24441 CRITICAL PATCH Act Now

Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Mstest
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24430 CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24429 CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24427 CRITICAL PATCH Act Now

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Bitbucket Oauth
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24170 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24169 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24167 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24165 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24164 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24022 CRITICAL PATCH Act Now

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rtd Firmware Rts Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-24508 CRITICAL Act Now

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rtd Firmware Rts Firmware
NVD
CVSS 3.1
9.6
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy